CLAIMS 



1. A cryptographic system combining the so- 
called discrete logarithm and factorization 
principles, comprising, among other things, 
public keys and a secret key, characterised in 
that the said public keys comprise, at least: 

a. an RSA modulus n, greater' in size than 640 
bits, having the following property: 

n = (A p A + 1) x (B p B + 1) - . 
in_ which : 

p A and p B are prime numbers greater in size 
than 320 bits, 

(A p A +■ 1) is an RSA prime denoted p, 

(B p B + 1) is an RSA prime denoted q, 

A is the product .of k/2 (k being an even 
integer number between 10 and 120) prime numbers 
(denoted p[i], i = 1 to k/2) of relatively small 
size (between 2 and 16 bits) and 

B is the product of k/2 prime numbers (also 
denoted p[i], i = k/2 + 1 to k) ; 

the p[i]s being of relatively small size 
(between 2 and 16 bits) , and also able to be 
mutually prime; 
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b. an exponentiation base g, of order <)>(n)/4 
(where $ ( n ) denotes the Euier indicator 
function), g therefore having not to be a p [ i ] - 
th power modulo n of any number. 

5 

2. A cryptographic system according to Claim 1 
comprising at least an, encryption/decryption 
system 1, characterised in that the encryption 
of a message m, m < AB, consists of the 

10 operation: 

c = g m mod n 

wh^re c denotes the cryptogram (encrypted 
15 message ) . 

3. A cryptographic system according to Claim 2 
comprising an encryption/decryption system, 
characterised in that the integrity of m can be 

20 provided by the encryption of m|h(m) (h denoting 
a hashing function and I denoting 

concatenation), or by the encryption of DES(key, 
m) , the said key being. a key accessible to all. 

25 4 A cryptographic system according to Claim 1 
comprising an encryption/decryption system and a 
key escrow system, characterised in that: 

the said secret key of the decrypter or of the 
30 escrow centre is the number (j> ( n ) , and "in that 
the operation of decryption or of recovering the 
identity of a user consists of the following 
steps : 
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a. calculating, for i from 1 to k: y[i] 

c »(n)/p[l] mQd n; 

b. • for i from 1 to k 

5 for j from 1 to p[i] 

comparing y[i] with the values g ^< n)/ P cil mod" 
n independent of m; 

if g j*{n)/ P (ii mod n = y [i] then assign p. [ i ] = 

j 

10 

c. reconstructing the message m from. the 
Chinese remainder theorem CRT and the values. 

15 5. A cryptographic system according to Claim 4 
or 5 comprising an encryption/decryption system 
and a key escrow system, characterised in that 
the said decrypter speeds up the' calculation of 
the quantities y[i] by calculating: 

20 

a) z = c r mod n where r = PaPb 

b) for i from 1 to k: y[i] = z AB/pU1 mod n, 

25 so as to take advantage of the difference in 
size between AB/p [i] and +(n)/p[i] for speeding 
up the calculations. 

.6. A cryptographic system according to Claim 4 
30 comprising an encryption/decryption system and a 
key escrow system or 5, characterised in that 
the decrypter pre-calculat es and saves, once and 
for all, the table of values g ^ (n)/ P cil mod n for 
1 . < i < k and 1 . < j < p [ i ] 
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or, 

more specifically, a truncation or a hashing of. 
these values (denoted h) having the following 
5 property: 

h (g j*(n)/p[i] mod n) ^ h (g j'*(n)/pCi] mod n) if j * j'. 

7. A cryptographic system according to any one 
10 of Claim 4 to 6 comprisin.g an 

encryption/decryption system and a key escrow 
system, characterised . in that the ,decrypter 
speeds up its calculations by separately 
decrypting the message modulo p and then modulo 
15 q, and constructing the modulo results with the 
help of the Chinese remainder theorem in order 
to find m. again. 

8 . A cryptographic system according to any one 
20 of Claims 4 to 7, characterised in that a key. 
escrow centre or authority implements the 
following steps: 

a. s it codes the identity of the user ID = 2 2 1 " 1 
25 ID[i] where ID[i] are the bits of the identity 

of the said user of the system (the sum being 
taken for i from 1 to k) by calculating e (ID) = 
n p[i] IDCil (the product being taken for i from 1 
to k) ; • 

30 

b. it issues, to the . user, an El-Gamal key 
(that is to say an exponentiation base) c = 
g e(ID)u mod n, 
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in which u is a large random prime or a number 
p r ime with <j> ( n ) ; 

c. it thus makes it possible for the u-ser to 
5 derive, from c, his El-Gamal public key by 

choosing a random number x and raising c to the- 
power x modulo n. 

d. with the aim of finding the trace of the 
10 user, the authority extracts, from the El-Gamal 

cryptogram of the encrypter, the said cryptogram 
always comprising two parts, the part: 

v = c r mod n 

15 

where r is the encryption random number chosen 
by the encrypter. 

e. Knowing <j) ( n ) , the said authority finds the 
20 bits ID[i]-by means of the following algorithm: 

1. calculate, for i from 1 to k: y[i] 

v *tn)/p[±] mod n 

25 2. if y[i] = 1, then \x [ i ] = 1, otherwise 

jx[i] = 0 

3 . calculate : 

30 • ID' = Z 2 i_1 ji[i] 

4 . find V : ID = . CCE ( ID' ) 

in which CCE denotes an error correction 
35 mechanism. 
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9. A cryptographic system according to any one 
of Claims 4 to 7 comprising a key escrow system, 
characterised in that it is based on. the so- 
5 called Dif f ie-Hellman key exchange mechanism 
where a number c, obtained by raising g to a 
random power a modulo n by one of the parties, 
is intercepted - by the said escrow authority: 

10 c = g a mod n 

the said escrow authority finds a • again in the 
following manner: 

15 a. knowing the factorization of n, the said 
authority finds, with the help of the decryption 
algorithm, the value" 

a = a mod AB 

20 

that is a = a + pAB; 

b. the said authority calculates: X = c/g a mod 
n = g PAB mod n 

25 

c. using a - crypt analys i s algorithm, the 
authority calculates the discrete logarithm p 

X = (g AB ) p mod n 

30 

. d. the authority finds 



a = a + pAB 
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and decrypts the communications based on the use 
of a . 

10. A cryptographic system according, to any one 
5 of Claims 2 to 9 comprising an 

encryption/decryption system' and a key escrow 
system, characterised in that the RSA modulus n 
is the product of three factors: 

10 n = (Ap A + 1) x (Bp B + 1) x (Cp c + 1) 

in which P A , P B , Pc are prime numbers greater in 
size than 320 bits, 

15 ( ApA + 1), (Bps + 1), (Cp c + 1) are RSA 

primes, denoted respectively p, q, r, 

A, B and C are each the product of lc/3 prime 
numbers (denoted p[i], i = 1 to k), the p[i]s 
20 being of relatively small size (between 2 and 16 
bits) and able to be mutually prime numbers and 
k being an integer number between 10 and 120, so 
that 'the product ABC has at least .160 bits. 

25 11. A cryptographic system according to any one 
of Claims 1 to 10 comprising an 

encryption/decryption or escrow system, 

characterised in that the. items of encryption, 
decryption and key escrow equipment are 

30 computers, chip cards, PCMCIA cards, badges, 
contactless cards or any other portable 
equipment . 

12. A device comprising a cryptographic system 
35 according to any one of the preceding claims, 
■ characterised in that it comprises an encryption 



system and/or a decryption system and/or a key 
escrow system, the said systems communicating 
with one another by an exchange of electronic 
signals or by means of an exchange of radio 
waves or infrared signals. 



